Tips:
- Kevin Rose, the creator of Moonbirds, falls victim to a phishing scam
- The scammer manipulated the entrepreneur into signing a malicious signature through a false security
- Kevin lost 40 NFTs altogether including 25 Art Blocks Chromie Squiggles, 9 OnChainMonkey items, and one Autoglyph.
Kevin Rose, a member of PROOF Collective, just lost $1.1M worth of NFTs in a phishing scam.
He shared the details of how it happened on his Twitter account, warning his followers not to buy any Squiggles NFTs until his team has them reported as stolen.
Later, Arran, a VP Engineer at PROOF, shared the details of how it all happened:
How did it happen?
According to Arran, the hackers used social engineering to gain access to Kevin’s wallet by “crafting signatures accepted by OpenSea’s marketplace contract”.
They lured him into signing one malicious Seaport bundle with his wallet, allowing the attackers to transfer the expensive tokens.
To explain further, analyst Quit shares that the attack was carried out using the Seaport protocol. The hackers set up a fake website that could view all of Kevin’s assets on the offer side. They then requested a transfer of OpenSea-verified assets from Kevin’s wallet to theirs, which the Moonbirds creator unknowingly signed off on.
Fortunately, none of the PROOF-owned NFTs were stolen because the team has set up multiple approvals to access them. However, his personal tokens were drained completely.
According to investigator Arkham, the hacker managed to send all NFTs in a single transaction to an external account.
Once the attacker sells the NFTs, they can earn around 702.77 ETH, or $1.1 million. They could possibly even earn $2M based on the current floor price of the stolen NFTs.
Surprisingly, Kevin managed to save some of his most valuable assets in time, as he immediately transferred them to his main wallet.
Arkham believes the hacker’s code didn’t identify or missed the CryptoPunks, XCOPY artworks, Ringers, and many more.
Can Kevin recover his NFTs?
Following the hack, Kevin reached out to OpenSea and Ledger to resolve the issue with the anti-fraud teams.
“THANK YOU, to everyone that reached out. @opensea – thank you, @iancr and the team at @Ledger, so helpful,” he wrote in a Twitter post.
Both platforms are currently investigating the case.
On the other hand, dev @cxkoda submitted code to MetaMask to ensure the contract is blocked and doesn’t target any other collectors.
Quit advises that when you sign with a wallet to sell an asset on any website, you should not let your vault sign approvals, since the website can view all the assets you own. Instead, use a different wallet to put up an NFT for sale.
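The Seaport bundle described above is visible in the signing request itself: the NFTs sit on the offer side and nothing comes back to the signer. The JavaScript below is an added example, not code from OpenSea, PROOF or the analysts quoted here, that reviews such a request before it is signed; the helper name `reviewSeaportOrder`, the `maxNfts` threshold and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example, not OpenSea/Seaport code. ItemType values follow Seaport's
// enum: 0 = native ETH, 1 = ERC20, 2-5 = ERC721/ERC1155 (incl. criteria).
const NFT_ITEM_TYPES = new Set([2, 3, 4, 5]);
const minAmount = (i) => {
  const [a, b] = [BigInt(i.startAmount), BigInt(i.endAmount)];
  return a < b ? a : b;
};

// reviewSeaportOrder is a hypothetical helper: it inspects the typed data a
// site passes to eth_signTypedData_v4 and reports what the signer gives up.
function reviewSeaportOrder(typedData, { maxNfts = 1 } = {}) {
  const findings = [];
  if (typedData?.domain?.name !== "Seaport" ||
      typedData?.primaryType !== "OrderComponents") {
    return { isSeaportOrder: false, nftsOffered: 0, paidToSigner: "0", findings };
  }
  const { offerer, offer = [], consideration = [] } = typedData.message ?? {};
  const signer = String(offerer).toLowerCase();
  const nfts = offer.filter((i) => NFT_ITEM_TYPES.has(Number(i.itemType)));
  // Base units of ETH/ERC20 routed back to the signer, summed across tokens;
  // only meaningful as a "does the signer receive anything" check.
  const paid = consideration
    .filter((c) => Number(c.itemType) <= 1 &&
                   String(c.recipient).toLowerCase() === signer)
    .reduce((sum, c) => sum + minAmount(c), 0n);
  if (nfts.length > maxNfts) findings.push("bundle");
  if (nfts.length > 0 && paid === 0n) findings.push("no-payment-to-signer");
  return { isSeaportOrder: true, nftsOffered: nfts.length,
           paidToSigner: paid.toString(), findings };
}

// Constructed sample request: placeholder addresses, three NFTs on the offer
// side, and a 1 wei consideration paid to an address other than the signer.
const SIGNER = "0x" + "11".repeat(20), OTHER = "0x" + "22".repeat(20);
const nft = (token, id) => ({ itemType: "2", token, identifierOrCriteria: id,
                              startAmount: "1", endAmount: "1" });
const sampleRequest = {
  domain: { name: "Seaport", chainId: 1 },
  primaryType: "OrderComponents",
  message: {
    offerer: SIGNER,
    offer: [nft("0x" + "aa".repeat(20), "1"), nft("0x" + "aa".repeat(20), "2"),
            nft("0x" + "bb".repeat(20), "7")],
    consideration: [{ itemType: "0", token: "0x" + "00".repeat(20),
                      identifierOrCriteria: "0", startAmount: "1",
                      endAmount: "1", recipient: OTHER }],
  },
};
console.log(reviewSeaportOrder(sampleRequest));
```

An ordinary single-item listing that pays the signer produces no findings, so either flag on a request from an unfamiliar site is a reason to reject the signature.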